Documentation
Types
type Exchange
type Exchange struct {
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
	AccessToken      string `json:"access_token,omitempty"`
	TokenType        string `json:"token_type,omitempty"`
	ExpiresIn        int    `json:"expires_in,omitempty"`
	Scope            string `json:"scope,omitempty"`
	IDToken          string `json:"id_token,omitempty"`
	WrappedError     error
}
Exchange has been copied from https://github.com/okta/samples-golang/tree/develop/okta-hosted-login
type OktaAuth
type OktaAuth struct {
// contains filtered or unexported fields
}
OktaAuth provides Okta-based authentication via the OAuth 2.0 Authorization flow.
func New
func New(clientID, clientSecret, issuer, backendPath, successRedirectPath, failureRedirectPathPrefix, profileToShortnameField string, canAccessService func(map[string]string) bool) OktaAuth
New generates a new OktaAuth instance. OktaAuth requires a fair bit of configuration. These are the fields and their meanings:
clientID: The Okta-generated client id for an application
clientSecret: The Okta-generated client secret for an application
issuer: The Okta protocol, domain, and root path for Okta verification.
backendAbsolutePath: The protocol, domain, and root path for the backend (e.g. "http://localhost:3000/web")
successRedirectPath: The absolute path to redirect the user to when auth is successful
failureRedirectPath: The absolute path to redirect the user to when auth fails
canAccessService: A function that evaluates an okta profile (map[string]string) to determine if a user has access to this application. If the user should have access to this service, then return true. Otherwise, return false.
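One way to write a canAccessService predicate that fails closed, as an added example (not code from the ashirt project). The profile key "teams", its comma-separated encoding, and the helper names newAccessCheck and normalize are assumptions made for illustration; which attributes an Okta profile carries depends on the tenant's configuration.

```go
package main

import (
	"fmt"
	"strings"
)

// normalize trims whitespace and lowercases a value before comparison.
func normalize(s string) string { return strings.ToLower(strings.TrimSpace(s)) }

// newAccessCheck (hypothetical helper) returns a predicate with the
// func(map[string]string) bool signature that New takes as canAccessService.
// Access is granted only when the profile attribute named by field holds at
// least one comma-separated token that exactly matches an allowed value.
func newAccessCheck(field string, allowed []string) func(map[string]string) bool {
	allow := make(map[string]struct{}, len(allowed))
	for _, a := range allowed {
		if a = normalize(a); a != "" { // never allow the empty token
			allow[a] = struct{}{}
		}
	}
	return func(profile map[string]string) bool {
		raw, ok := profile[field] // a nil map reads as "missing"
		if !ok {
			return false // missing attribute: deny
		}
		for _, tok := range strings.Split(raw, ",") {
			// Whole-token match, not substring: "security-contractors"
			// must not satisfy an allowlist entry of "security".
			if _, hit := allow[normalize(tok)]; hit {
				return true
			}
		}
		return false // present but no allowed value: deny
	}
}

func main() {
	// Constructed sample profiles; "teams" is an assumed attribute name.
	check := newAccessCheck("teams", []string{"security", "redteam"})
	samples := []map[string]string{
		{"teams": "eng, Security"},
		{"teams": "security-contractors"},
		{"email": "user@example.com"},
	}
	for _, p := range samples {
		fmt.Printf("%v -> %v\n", p, check(p))
	}
}
```
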
func NewFromConfig
func (OktaAuth) BindRoutes
func (okta OktaAuth) BindRoutes(r *mux.Router, bridge authschemes.AShirtAuthBridge)
BindRoutes implements two routes to complete the Okta login/ashirt registration process. /login kicks off the process, redirecting the user to Okta to log in. Once successful, Okta will contact /callback to complete the process. In addition to normal auth verification, /callback also checks that a user is allowed to access this service (via the canAccessService function provided via oktaauth.New) and will generate a new ashirt user if that user doesn't already exist.
func (OktaAuth) FriendlyName
FriendlyName returns "Okta OIDC"